US20090202068A1 - Media security through hardware-resident proprietary key generation - Google Patents

Media security through hardware-resident proprietary key generation Download PDF

Info

Publication number
US20090202068A1
US20090202068A1 US12/027,279 US2727908A US2009202068A1 US 20090202068 A1 US20090202068 A1 US 20090202068A1 US 2727908 A US2727908 A US 2727908A US 2009202068 A1 US2009202068 A1 US 2009202068A1
Authority
US
United States
Prior art keywords
content
proprietary
circuit
key
standard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/027,279
Inventor
Amjad Qureshi
Babu Chilukuri
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Adaptive Chips Inc
Original Assignee
Adaptive Chips Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Adaptive Chips Inc filed Critical Adaptive Chips Inc
Priority to US12/027,279 priority Critical patent/US20090202068A1/en
Assigned to ADAPTIVE CHIPS, INC. reassignment ADAPTIVE CHIPS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHILUKURI, BABU, QURESHI, AMJAD
Priority to PCT/US2009/033487 priority patent/WO2009100399A1/en
Publication of US20090202068A1 publication Critical patent/US20090202068A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • This disclosure relates generally to the technical field of communications and, in one example embodiment, to a method, apparatus, and system of media security through hardware-resident proprietary key generation.
  • a content provider may own a copyright interest in a work of authorship (e.g., a movie, a record, a book, a software application, etc.).
  • the content provider may wish to protect the work of authorship from unauthorized broadcast, duplication, and/or dissemination.
  • the content provider may create an encrypted content by employing an encryption standard (e.g., AACS, BD+, HDCP, DTCP-IP, a proprietary standard, etc.) to a media (e.g., a HD DVD, a BlueRay disk, etc.) having the work of authorship.
  • an encryption standard e.g., AACS, BD+, HDCP, DTCP-IP, a proprietary standard, etc.
  • a device may use a software application (e.g., media player application) to decode the encrypted content using a technique authorized by a governing body (e.g., AACS Licensing Administrator LLC, etc.) of the encryption standard.
  • the software application may temporarily store the encrypted content and a key to decrypt the encrypted content on a system memory.
  • the software application may not be able to decode the encrypted content as fast as it may be able to play back the work of authorship, the software application may utilize a video buffer (e.g., may be stored in a cache memory, the system memory, etc.) to temporarily store the work of authorship prior to playback on a display (e.g., a monitor, a LCD screen, a television, etc.).
  • a video buffer e.g., may be stored in a cache memory, the system memory, etc.
  • a display e.g., a monitor, a LCD screen, a television, etc.
  • a hacker may surreptitiously access the encrypted content and the key to decrypt the encrypted content in the system memory. The hacker may then use the key to decrypt the encrypted content to gain access to the work of authorship. Alternatively, the hacker may gain access to the video buffer and copy the work of authorship to an unsecure location. In such scenarios, the hacker may then broadcast, duplicate and/or disseminate the work of authorship without permission of the content provider. As a result, the content provider may lose the protection of the work of authorship they desired when employing the encryption standard.
  • a system includes a host processor; a first security circuit to re-encrypt a work of authorship (e.g., a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical and/or a textual content) protected by an encryption standard (e.g., Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and a proprietary standard) using a proprietary key (e.g., at least a 128 bit key) after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship.
  • AACS Advanced Access Content System
  • BD+ Blu-ray Disc
  • HDMI High-bandwidth Digital Content Protection
  • DTCP-IP Digital Transmission Content Protection over Internet Protocol
  • proprietary key e.g., at least
  • a system memory stores a proprietary encrypted content generated through the re-encryption process of the first security circuit.
  • a second security circuit of a display module may independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor. The second security circuit may decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.
  • a key generator circuit of the first security circuit and the second security circuit may generate the proprietary key using a key generator circuit of the first security circuit and the second security circuit to generate the proprietary key using a hash table, a number generator, a unique work of authorship identifier, and optionally a unique system identifier (e.g., the number generator and the hash table of the first security circuit and the second security circuit may be exactly the same).
  • the index pointer may point to a location in embedded memory of the first security circuit and the second security circuit having identical data to enable the key generator circuit of the second circuit to independently generate the proprietary key matching that of the first circuit.
  • a power saving circuit of the first security circuit and/or the second circuit may adjust a voltage and frequency of at least one clock, memory, gate, and sub-circuit when not in operation to reduce power consumption of the system.
  • the display module may decompress the work of authorship after the decryption of the proprietary encrypted content.
  • the display may also encrypt the decompressed content with a system master key provided from the display module and/or the host processor prior to sending the content to at least one of a video buffer and a display.
  • a method of an authorization module includes applying an algorithm of a encryption standard to verify that a playback device has permission to playback the work of authorship, re-encrypting the work of authorship protected by the encryption standard using a first hardware circuit that generates a proprietary key stored only in embedded hardware memory of the hardware circuit to re-encrypt the work of authorship, and storing a proprietary encrypted content generated through the re-encryption process in a system memory without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • the method may communicate an index pointer to a hash table and/or a number generator to a display module through a host processor.
  • the method may independently generate the proprietary key using an index pointer provided from the first hardware circuit associated with the authorization module to a second hardware circuit associated with the display module.
  • the second hardware circuit may be used to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.
  • the proprietary key may be generated using a hash table, a number generator and/or a unique identifier of a playback device.
  • the number generator and the hash table of the first security circuit and the second security circuit may be exactly the same.
  • the index pointer may reference a location in embedded memory of the first security circuit and the second security circuit having identical data to enable the key generator circuit of the second circuit to independently generate the proprietary key matching that of the first security circuit.
  • the index handshaking may require identical circuitry in both the first security circuit and the second security circuit (e.g., in both SoCs or System-on-Chips).
  • the index handshaking may be user dependent and/or configurable (e.g., each customer may have different key/seed generators).
  • a voltage and frequency of at least one clock, memory, gate, and sub-circuit may be adjusted when not in operation to reduce power consumption.
  • the proprietary key may be at least a 128 bit key.
  • the work of authorship may include a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and/or a textual content.
  • the display module may decompress the work of authorship after the decryption of the proprietary encrypted content.
  • a playback device in yet another aspect includes an authentication component to verify that a protected content is authorized to be viewed on the playback device; a media security circuitry to re-encrypt the protected content using a proprietary key after it is authorized to be viewed on the playback device using a secure embedded memory of the media security circuitry; and a display component to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
  • a memory map of the secure embedded memory and all hardware registers may never visible to software.
  • the playback device may be individually permitted to access the protected content through a broadcast encryption scheme such that only qualified subscribers of an encryption standard are permitted to access the protected content.
  • FIG. 1 is a block diagram of a playback device communicating with a media, according to one embodiment.
  • FIG. 2 is an exploded view of the playback device of FIG. 1 having an authorization module and a display module, according to one embodiment.
  • FIG. 3 is a network view of a content provider and a content library associated with the playback device of FIG. 1 through a network, according to one embodiment.
  • FIG. 4 is an exploded view of the authorization module of FIG. 2 , according to one embodiment.
  • FIG. 5 is a process flow of refreshing a set of base keys according to one embodiment.
  • FIG. 6 is a process flow of a method of the authorization module of FIG. 2 , according to one embodiment.
  • a system (e.g., a playback device 102 ) includes a host processor (e.g., a host processor 204 ); a first security circuit (e.g., a first security circuit 208 ) to re-encrypt a work of authorship protected by an encryption standard using a proprietary key (e.g., a proprietary key 214 A) after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship; a system memory (e.g., a system memory 206 ) to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and a second security circuit (e.g., a second security circuit 210 ) of a display module (a display module 202 ) to independently generate the proprietary key (e.g., a proprietary key 214 B) using an index pointer (e.g., an index pointer 224 ) provided from the first security circuit to the second security circuit through the host processor and
  • a method of an authorization module includes applying an algorithm of an encryption standard to verify that a playback device (e.g., the playback device 102 ) has permission to playback the work of authorship; re-encrypting the work of authorship protected by the encryption standard using a first hardware circuit that generates a proprietary key stored only in embedded hardware memory (e.g., the embedded memory 222 A) of the first hardware circuit to re-encrypt the work of authorship; and storing a proprietary encrypted content (e.g., a proprietary encrypted content 226 ) generated through the re-encryption process in a system memory (e.g., a system memory 206 ) without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • a proprietary encrypted content e.g., a proprietary encrypted content 226
  • a playback device (e.g., a playback device 102 ) includes an authentication component (e.g., the authorization module 200 ) to verify that a protected content is authorized to be viewed on the playback device; a media security circuitry (e.g., the first security circuit 208 and/or the second security circuit 210 ) to re-encrypt the protected content using a proprietary key (e.g.
  • the proprietary keys 214 after it is authorized to be viewed on the playback device using a secure embedded memory of the media security circuitry; and a display component (e.g., the display module 202 and the display 228 ) to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
  • a display component e.g., the display module 202 and the display 228 to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
  • FIG. 1 is a block diagram of a playback device 102 communicating with a media 100 , according to one embodiment.
  • the media 100 may be a HD-DVD disk and/or a Blue-Ray disc having a work of authorship (e.g., a movie, a television show, a play, a music data, etc.).
  • the media may be received via any networking protocol (e.g., wireless or wired protocol).
  • the playback device 102 may be a personal computer, a standalone media player, a mobile audio/video player, a mobile phone, and/or a kiosk.
  • the system e.g., the playback device 102 of FIG.
  • the work of authorship (e.g., stored on the media 100 of FIG. 1 ) may include a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and/or a textual content.
  • AACS Advanced Access Content System
  • BD+ Blu-ray Disc
  • HDCP High-bandwidth Digital Content Protection
  • DTCP-IP Digital Transmission Content Protection over Internet Protocol
  • the work of authorship (e.g., stored on the media 100 of FIG. 1 ) may include a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and/or a textual content.
  • the playback device 102 of FIG. 1 includes an authentication component (e.g., an authorization module 200 of FIG. 2 ) to verify that a protected content (e.g., on the media 100 ) is authorized to be viewed on the playback device 102 .
  • the playback device 102 also includes a media security circuitry (e.g., a first security circuit 208 and/or a second security circuit 210 of FIG. 2 ) to re-encrypt the protected content using a proprietary key 214 A after it is authorized to be viewed on the playback device 102 using a secure embedded memory (e.g., the embedded memory 222 A and/or the embedded memory 222 B) of the media security circuitry.
  • an authentication component e.g., an authorization module 200 of FIG. 2
  • the playback device 102 also includes a media security circuitry (e.g., a first security circuit 208 and/or a second security circuit 210 of FIG. 2 ) to re-encrypt the protected content using a proprietary key
  • the playback device 102 also includes a display component (e.g., the display module 202 and/or the display 228 ) to receive the re-encrypted content from a system memory 206 and to reference the media security circuitry (e.g., a first security circuit 208 and/or a second security circuit 210 of FIG. 2 ) to provide the proprietary key (e.g., the proprietary key 214 of FIG. 2 ) to decrypt the re-encrypted content (e.g., the proprietary encrypted content 226 of FIG. 2 ).
  • the playback device 102 may have a memory map (e.g., of the secure embedded memory and all hardware registers) which is never visible to software (e.g., the memory map may be entirely in hardware).
  • FIG. 2 is an exploded view of the playback device 102 of FIG. 1 having an authorization module 200 and a display module 202 , according to one embodiment.
  • the playback device 102 as shown in FIG. 2 includes a first security circuit 208 communicating with the authorization module 200 and a second security circuit 210 communicating with a display module 202 .
  • the first security circuit 208 includes a key generator circuit 212 A, a proprietary key 214 A, a power saving circuit circuitry 216 A, a hash table 218 A, a random number generator (RNG) 220 A, and an embedded memory 222 A.
  • RNG random number generator
  • the second security circuit 210 includes a key generator circuit 212 B, a proprietary key 214 B, a power saving circuit circuitry 216 B, a hash table 218 B, a random number generator (RNG) 220 B, and an embedded memory 222 B.
  • a key generator circuit 212 B a proprietary key 214 B
  • a power saving circuit circuitry 216 B a power saving circuit circuitry 216 B
  • a hash table 218 B a random number generator (RNG) 220 B
  • RNG random number generator
  • the authorization module 200 of FIG. 2 is illustrated as communicating with the display module 202 through the host processor 204 .
  • the host processor 204 may be coupled to a system memory 206 having a proprietary encrypted content 226 .
  • the display module 202 is illustrated as being coupled to a display 228 in the embodiment illustrated in FIG. 2 .
  • the authorization module 200 and the display module 202 may be created in software and/or in hardware. In one embodiment, the authorization module and the display module 202 is created entirely in hardware.
  • the authorization module may verify that the playback device 102 is authorized to play a particular type of media and/or work of authorship.
  • the display module 202 may decompress the media and/or the work of authorship.
  • the first security circuit 208 may re-encrypt a work of authorship (e.g., stored on the media 100 of FIG. 1 ) protected by an encryption standard using a proprietary key 214 A after an authorization module 200 uses an algorithm of the encryption standard to verify that the system (e.g., the playback device 102 of FIG. 1 ) has permission to playback the work of authorship (e.g., stored on the media 100 of FIG. 1 ).
  • the system memory 206 may store a proprietary encrypted content 226 generated through the re-encryption process of the first security circuit 208 .
  • the second security circuit 210 may independently generate the proprietary key 214 B using an index pointer 224 provided from the first security circuit 208 to the second security circuit 210 through the host processor 204 .
  • the index handshaking may require identical circuitry in both the first security circuit and the second security circuit (e.g., in both SoCs or System-on-Chips).
  • the index handshaking may be user dependent and/or configurable (e.g., each customer may have different key/seed generators).
  • the index handshaking mechanism may be completely eliminated (e.g., when the single SoC is integrated with Codecs and/or when Codec logic is added to the media security circuitry described here).
  • the second security circuit 210 may decrypt the proprietary encrypted content 226 of the system memory 206 using the independently generated proprietary key 214 B.
  • the key generator circuit 212 (e.g., of the first security circuit 208 and/or the second security circuit 210 ) may generate the proprietary key 214 A using a hash table 218 A, a number generator (e.g., Random Number Generator RNG 220 A), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier.
  • the index pointer 224 may point to a location in embedded memory (e.g., the embedded memory 222 A and/or the embedded memory 222 B) of the first security circuit 208 and/or the second security circuit 210 .
  • the embedded memory location may have identical data to enable the key generator circuit 212 B of the second security circuit 210 to independently generate the proprietary key 214 B matching that of the first security circuit 208 .
  • a power saving circuit e.g., the power saving circuit 216 A and/or the power saving circuit 216 B of the first security circuit 208 and/or the second security circuit 210 may adjust voltage and frequency of at least one clock, memory, gate, and/or sub-circuit when not in operation to reduce power consumption of the system (e.g., the playback device 102 of FIG.
  • the proprietary key 214 may be at least a 128 bit key.
  • the display module 202 may decompress the work of authorship (e.g., stored on the media 100 of FIG. 1 ) after the decryption of the proprietary encrypted content 226 .
  • the display module 202 may encrypt the decompressed content with a system master key provided from at least one of the display module 202 and the host processor 204 prior to sending the content to at least one of a video buffer (e.g., of the system memory 206 ) and a display 228 .
  • the authorization module 200 may apply an algorithm of an encryption standard (e.g., AACS) to verify that a playback device 102 has permission to playback the work of authorship (e.g., stored on the media 100 of FIG. 1 ).
  • AACS an encryption standard
  • the authorization module 200 may re-encrypt the work of authorship (e.g., stored on the media 100 of FIG. 1 ) protected by the encryption standard using a first hardware circuit (e.g., the first security circuit 208 ) that generates a proprietary key 214 A stored only in embedded hardware memory (e.g., the embedded memory 222 of FIG. 2 ) of the hardware first circuit.
  • the authorization module 200 may store a proprietary encrypted content 226 generated through the re-encryption process in a system memory 206 without storing any key information to decrypt the proprietary encrypted content 226 in the system memory 206 (e.g., such that the second security circuit has to independently recreate the key before decrypting).
  • the index pointer 224 may be communicated to a to a display module 202 through a host processor 204 .
  • the second hardware circuit e.g., the second security circuit 210
  • the second hardware circuit may independently generate the proprietary key using the index pointer 224 provided from the first hardware circuit (e.g., the first security circuit 208 ) associated with the authorization module 200 to a second hardware circuit (e.g., the second security circuit 210 ) associated with the display module 202 .
  • the second hardware circuit e.g., the second security circuit 210
  • the proprietary key may be generated using the hash table 218 A, the number generator (e.g., Random Number Generator RNG 220 A), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier (e.g., a MAC address or unique processor serial number).
  • the number generator e.g., Random Number Generator RNG 220 A
  • a unique work of authorship identifier e.g., a title key
  • a unique system identifier e.g., a MAC address or unique processor serial number
  • FIG. 3 is a network view of a content provider 302 and a content library 304 associated with the playback device 102 of FIG. 1 through a network 306 , according to one embodiment.
  • the content provider 302 may be an owner of a copyright interest of a work of authorship embodied on the media 100 of FIG. 1 (e.g., a record label, a publisher, a studio, etc.).
  • the network 306 may be a local area network, a wide area network, the Internet, etc.
  • the playback device may communicate with the content provider 302 to request and receive authentication keys (e.g., title keys) so that it may play back one or more works of authorship in the content library 304 .
  • authentication keys e.g., title keys
  • the content library 304 is illustrated as including a graphics content 308 , a textual content 310 , an audio content 312 , a video content 314 , a multimedia content 316 , a database content 318 , and a software application 320 .
  • the various types of content of the content library 304 may be works of authorship that are played back by the playback device 102 after receiving authorization from the content provider 302 .
  • FIG. 4 is an exploded view of the authorization module 200 of FIG. 2 , according to one embodiment.
  • the authorization module 200 as illustrated in FIG. 4 includes a processor 400 , a multi-channel DMA controller 402 , an instruction memory 404 , a data memory 406 , a 2 KB secure boot ROM 408 , an encryption block 410 , a standard controller block 412 , a set of USB controller circuitry (e.g., 414 and 416 ), and a set of secure internal resources (e.g., including a JTAG controller 444 , A PCI 2.2 master/target block 418 , and a AHB I/F block 420 ).
  • a processor 400 includes a processor 400 , a multi-channel DMA controller 402 , an instruction memory 404 , a data memory 406 , a 2 KB secure boot ROM 408 , an encryption block 410 , a standard controller block 412 , a set of USB controller circuitry (e.g.,
  • the authorization module 200 is also illustrated as including an interrupt controller 422 , a counter timer 424 , a clock reset generator 426 , a GPIO 428 , a UART 430 , an external SPI SSP coupled to an encrypted Flash 434 and an encrypted EEPROM 436 , a power module 438 , a watch dog timer 440 , and an AHB to APB bus bridge 442 . Also illustrated in FIG. 4 is an external FPGA 446 for encryption/decryption of the secure JTAG controller.
  • FIG. 5 is a process flow of refreshing a set of base keys according to one embodiment.
  • the playback device 102 receives a base key (e.g., at title key) from a content provider (e.g., the content provider 302 ).
  • a media security circuit e.g., the first security circuit 208 and/or the second security circuit 210 ) determines whether the base key needs to be refreshed (e.g., because of things such as multiple replay of a stream of video, after a fixed amount of time, after a frame or audio pause, etc.). If it is determined that the base key needs to be refreshed, in operation 506 , the base key is refreshed.
  • the base key refreshing process of FIG. 5 may provide additional security to the playback device 102 of FIG. 1 and FIG. 2 when certain types of the encryption standard are used (e.g., AACS).
  • the base key refreshing technique may be used by the key generator circuits 212 in creating the proprietary key 214 .
  • FIG. 6 is a process flow of a method of the authorization module of FIG. 2 , according to one embodiment.
  • an algorithm of an encryption standard e.g., AACS, BD+, HDCP, DTCP-IP, a proprietary standard, etc.
  • a media e.g., a HD DVD, a BlueRay disk, etc.
  • a playback device e.g., the playback device 102
  • the work of authorship protected by the encryption standard may be re-encrypted using a first hardware circuit (e.g., the first security circuit 208 of FIG.
  • a proprietary key (e.g., the proprietary key 214 A) stored only in embedded hardware memory (e.g., the embedded hardware memory 222 A) of the first hardware circuit to re-encrypt the work of authorship.
  • a proprietary encrypted content (e.g., the proprietary encrypted content 226 of FIG. 2 ) generated through the re-encryption process may be stored in a system memory (e.g., the system memory 206 of FIG. 2 ) without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • an index pointer (e.g., the index pointer 224 of FIG. 2 ) may be communicated to a display module (e.g., the display module 202 of FIG. 2 ) through a host processor (e.g., the host processor 204 of FIG. 2 ).
  • the proprietary key (e.g., the proprietary key 214 B of FIG. 2 ) may be independently generated using an index pointer (e.g., the index pointer 224 of FIG. 2 ) provided from the first hardware circuit (e.g., the first security circuit 208 of FIG. 2 ) associated with the authorization module (e.g., the authorization module 200 of FIG.
  • the proprietary key (e.g., the proprietary key 214 B of FIG. 2 ) may be generated using the hash table (e.g., the hash table 218 B), the number generator (e.g., the random number generator 220 B), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier (e.g., the hash table and the number generator of the first hardware circuit and the second hardware circuit are exactly the same).
  • the hash table e.g., the hash table 218 B
  • the number generator e.g., the random number generator 220 B
  • a unique work of authorship identifier e.g., a title key
  • optionally a unique system identifier e.g., the hash table and the number generator of the first hardware circuit and the second hardware circuit are exactly the same.
  • the second hardware circuit e.g., the second security circuit 210 of FIG. 2
  • the second hardware circuit may be used to decrypt the proprietary encrypted content of the system memory (e.g., the system memory 206 of FIG. 2 ) using the independently generated proprietary key (e.g., the proprietary key 214 B of FIG. 2 ).
  • the various electrical structure and methods may be embodied using transistors, logic gates, and electrical circuits (e.g., Application Specific Integrated Circuitry (ASIC) and/or in Digital Signal Processor (DSP) circuitry).
  • ASIC Application Specific Integrated Circuitry
  • DSP Digital Signal Processor
  • the authorization module 200 and the display module 202 of FIG. 2 may be enabled using an authorization circuit, a display circuit, and other circuits using one or more of the technologies described herein.

Abstract

A method, system and apparatus of an author website in a commerce environment are disclosed. In one embodiment, a system includes a host processor; a first security circuit to re-encrypt a work of authorship protected by an encryption standard using a proprietary key after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship; a system memory to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and a second security circuit of a display module to independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor and to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.

Description

    FIELD OF TECHNOLOGY
  • This disclosure relates generally to the technical field of communications and, in one example embodiment, to a method, apparatus, and system of media security through hardware-resident proprietary key generation.
    • BACKGROUND
  • A content provider (e.g., a studio, a record label, a publisher, a developer etc.) may own a copyright interest in a work of authorship (e.g., a movie, a record, a book, a software application, etc.). The content provider may wish to protect the work of authorship from unauthorized broadcast, duplication, and/or dissemination. To protect the work of authorship, the content provider may create an encrypted content by employing an encryption standard (e.g., AACS, BD+, HDCP, DTCP-IP, a proprietary standard, etc.) to a media (e.g., a HD DVD, a BlueRay disk, etc.) having the work of authorship.
  • A device (e.g., a computer, a standalone player, etc.) may use a software application (e.g., media player application) to decode the encrypted content using a technique authorized by a governing body (e.g., AACS Licensing Administrator LLC, etc.) of the encryption standard. The software application may temporarily store the encrypted content and a key to decrypt the encrypted content on a system memory. In addition, because the software application may not be able to decode the encrypted content as fast as it may be able to play back the work of authorship, the software application may utilize a video buffer (e.g., may be stored in a cache memory, the system memory, etc.) to temporarily store the work of authorship prior to playback on a display (e.g., a monitor, a LCD screen, a television, etc.).
  • A hacker (e.g., one who uses programming skills to gain illegal access to a computer network or file) may surreptitiously access the encrypted content and the key to decrypt the encrypted content in the system memory. The hacker may then use the key to decrypt the encrypted content to gain access to the work of authorship. Alternatively, the hacker may gain access to the video buffer and copy the work of authorship to an unsecure location. In such scenarios, the hacker may then broadcast, duplicate and/or disseminate the work of authorship without permission of the content provider. As a result, the content provider may lose the protection of the work of authorship they desired when employing the encryption standard.
    • SUMMARY
  • A method, system and apparatus of media security through hardware-resident proprietary key generation are disclosed. In one aspect, a system includes a host processor; a first security circuit to re-encrypt a work of authorship (e.g., a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical and/or a textual content) protected by an encryption standard (e.g., Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and a proprietary standard) using a proprietary key (e.g., at least a 128 bit key) after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship.
  • In this aspect, a system memory stores a proprietary encrypted content generated through the re-encryption process of the first security circuit. A second security circuit of a display module may independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor. The second security circuit may decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key. A key generator circuit of the first security circuit and the second security circuit may generate the proprietary key using a key generator circuit of the first security circuit and the second security circuit to generate the proprietary key using a hash table, a number generator, a unique work of authorship identifier, and optionally a unique system identifier (e.g., the number generator and the hash table of the first security circuit and the second security circuit may be exactly the same).
  • The index pointer may point to a location in embedded memory of the first security circuit and the second security circuit having identical data to enable the key generator circuit of the second circuit to independently generate the proprietary key matching that of the first circuit. A power saving circuit of the first security circuit and/or the second circuit may adjust a voltage and frequency of at least one clock, memory, gate, and sub-circuit when not in operation to reduce power consumption of the system. The display module may decompress the work of authorship after the decryption of the proprietary encrypted content. The display may also encrypt the decompressed content with a system master key provided from the display module and/or the host processor prior to sending the content to at least one of a video buffer and a display.
  • In another aspect, a method of an authorization module includes applying an algorithm of a encryption standard to verify that a playback device has permission to playback the work of authorship, re-encrypting the work of authorship protected by the encryption standard using a first hardware circuit that generates a proprietary key stored only in embedded hardware memory of the hardware circuit to re-encrypt the work of authorship, and storing a proprietary encrypted content generated through the re-encryption process in a system memory without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • The method may communicate an index pointer to a hash table and/or a number generator to a display module through a host processor. The method may independently generate the proprietary key using an index pointer provided from the first hardware circuit associated with the authorization module to a second hardware circuit associated with the display module. The second hardware circuit may be used to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key. The proprietary key may be generated using a hash table, a number generator and/or a unique identifier of a playback device. The number generator and the hash table of the first security circuit and the second security circuit may be exactly the same. The index pointer may reference a location in embedded memory of the first security circuit and the second security circuit having identical data to enable the key generator circuit of the second circuit to independently generate the proprietary key matching that of the first security circuit. The index handshaking may require identical circuitry in both the first security circuit and the second security circuit (e.g., in both SoCs or System-on-Chips). The index handshaking may be user dependent and/or configurable (e.g., each customer may have different key/seed generators).
  • A voltage and frequency of at least one clock, memory, gate, and sub-circuit may be adjusted when not in operation to reduce power consumption. The proprietary key may be at least a 128 bit key. The work of authorship may include a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and/or a textual content. The display module may decompress the work of authorship after the decryption of the proprietary encrypted content.
  • In yet another aspect a playback device includes an authentication component to verify that a protected content is authorized to be viewed on the playback device; a media security circuitry to re-encrypt the protected content using a proprietary key after it is authorized to be viewed on the playback device using a secure embedded memory of the media security circuitry; and a display component to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
  • A memory map of the secure embedded memory and all hardware registers may never visible to software. The playback device may be individually permitted to access the protected content through a broadcast encryption scheme such that only qualified subscribers of an encryption standard are permitted to access the protected content.
  • The methods, system, and apparatuses disclosed herein may be implemented in any means for achieving various aspects, and may be executed in a form of machine-readable medium embodying a set of instruction that, when executed by a machine, causes the machine to perform any of the operation disclosed herein. Other features will be apparent from the accompanying drawing and from the detailed description that follows.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Example embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:
  • FIG. 1 is a block diagram of a playback device communicating with a media, according to one embodiment.
  • FIG. 2 is an exploded view of the playback device of FIG. 1 having an authorization module and a display module, according to one embodiment.
  • FIG. 3 is a network view of a content provider and a content library associated with the playback device of FIG. 1 through a network, according to one embodiment.
  • FIG. 4 is an exploded view of the authorization module of FIG. 2, according to one embodiment.
  • FIG. 5 is a process flow of refreshing a set of base keys according to one embodiment.
  • FIG. 6 is a process flow of a method of the authorization module of FIG. 2, according to one embodiment.
    •
  • Other features of the present embodiments will be apparent from the accompanying drawings and from the detailed description that follows.
    • DETAILED DESCRIPTION
  • A method apparatus and system of an author website in a commerce environment are disclosed. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the various embodiments. It will be evident, however to one skilled in the art that the various embodiments may be practiced without these specific details.
  • In one embodiment, a system (e.g., a playback device 102) includes a host processor (e.g., a host processor 204); a first security circuit (e.g., a first security circuit 208) to re-encrypt a work of authorship protected by an encryption standard using a proprietary key (e.g., a proprietary key 214A) after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship; a system memory (e.g., a system memory 206) to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and a second security circuit (e.g., a second security circuit 210) of a display module (a display module 202) to independently generate the proprietary key (e.g., a proprietary key 214B) using an index pointer (e.g., an index pointer 224) provided from the first security circuit to the second security circuit through the host processor and to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.
  • In another embodiment, a method of an authorization module (e.g., the authorization module 200) includes applying an algorithm of an encryption standard to verify that a playback device (e.g., the playback device 102) has permission to playback the work of authorship; re-encrypting the work of authorship protected by the encryption standard using a first hardware circuit that generates a proprietary key stored only in embedded hardware memory (e.g., the embedded memory 222A) of the first hardware circuit to re-encrypt the work of authorship; and storing a proprietary encrypted content (e.g., a proprietary encrypted content 226) generated through the re-encryption process in a system memory (e.g., a system memory 206) without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • In yet another embodiment, a playback device (e.g., a playback device 102) includes an authentication component (e.g., the authorization module 200) to verify that a protected content is authorized to be viewed on the playback device; a media security circuitry (e.g., the first security circuit 208 and/or the second security circuit 210) to re-encrypt the protected content using a proprietary key (e.g. the proprietary keys 214) after it is authorized to be viewed on the playback device using a secure embedded memory of the media security circuitry; and a display component (e.g., the display module 202 and the display 228) to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
  • FIG. 1 is a block diagram of a playback device 102 communicating with a media 100, according to one embodiment. The media 100 may be a HD-DVD disk and/or a Blue-Ray disc having a work of authorship (e.g., a movie, a television show, a play, a music data, etc.). In an alternate embodiment, the media may be received via any networking protocol (e.g., wireless or wired protocol). The playback device 102 may be a personal computer, a standalone media player, a mobile audio/video player, a mobile phone, and/or a kiosk. The system (e.g., the playback device 102 of FIG. 1) may utilize an encryption standard such as an Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and/or a proprietary standard. The work of authorship (e.g., stored on the media 100 of FIG. 1) may include a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and/or a textual content.
  • The playback device 102 of FIG. 1 includes an authentication component (e.g., an authorization module 200 of FIG. 2) to verify that a protected content (e.g., on the media 100) is authorized to be viewed on the playback device 102. The playback device 102 also includes a media security circuitry (e.g., a first security circuit 208 and/or a second security circuit 210 of FIG. 2) to re-encrypt the protected content using a proprietary key 214A after it is authorized to be viewed on the playback device 102 using a secure embedded memory (e.g., the embedded memory 222A and/or the embedded memory 222B) of the media security circuitry.
  • The playback device 102 also includes a display component (e.g., the display module 202 and/or the display 228) to receive the re-encrypted content from a system memory 206 and to reference the media security circuitry (e.g., a first security circuit 208 and/or a second security circuit 210 of FIG. 2) to provide the proprietary key (e.g., the proprietary key 214 of FIG. 2) to decrypt the re-encrypted content (e.g., the proprietary encrypted content 226 of FIG. 2). The playback device 102 may have a memory map (e.g., of the secure embedded memory and all hardware registers) which is never visible to software (e.g., the memory map may be entirely in hardware).
  • FIG. 2 is an exploded view of the playback device 102 of FIG. 1 having an authorization module 200 and a display module 202, according to one embodiment. The playback device 102 as shown in FIG. 2 includes a first security circuit 208 communicating with the authorization module 200 and a second security circuit 210 communicating with a display module 202. The first security circuit 208 includes a key generator circuit 212A, a proprietary key 214A, a power saving circuit circuitry 216A, a hash table 218A, a random number generator (RNG) 220A, and an embedded memory 222A. Similarly, the second security circuit 210 includes a key generator circuit 212B, a proprietary key 214B, a power saving circuit circuitry 216B, a hash table 218B, a random number generator (RNG) 220B, and an embedded memory 222B.
  • The authorization module 200 of FIG. 2 is illustrated as communicating with the display module 202 through the host processor 204. The host processor 204 may be coupled to a system memory 206 having a proprietary encrypted content 226. The display module 202 is illustrated as being coupled to a display 228 in the embodiment illustrated in FIG. 2. The authorization module 200 and the display module 202 may be created in software and/or in hardware. In one embodiment, the authorization module and the display module 202 is created entirely in hardware. The authorization module may verify that the playback device 102 is authorized to play a particular type of media and/or work of authorship. The display module 202 may decompress the media and/or the work of authorship.
  • The first security circuit 208 may re-encrypt a work of authorship (e.g., stored on the media 100 of FIG. 1) protected by an encryption standard using a proprietary key 214A after an authorization module 200 uses an algorithm of the encryption standard to verify that the system (e.g., the playback device 102 of FIG. 1) has permission to playback the work of authorship (e.g., stored on the media 100 of FIG. 1). The system memory 206 may store a proprietary encrypted content 226 generated through the re-encryption process of the first security circuit 208.
  • The second security circuit 210 may independently generate the proprietary key 214B using an index pointer 224 provided from the first security circuit 208 to the second security circuit 210 through the host processor 204. The index handshaking may require identical circuitry in both the first security circuit and the second security circuit (e.g., in both SoCs or System-on-Chips). The index handshaking may be user dependent and/or configurable (e.g., each customer may have different key/seed generators). Alternatively, in an embodiment in which the first security circuit and the second security circuit are combined into a single SoC (e.g., System on Chip), the index handshaking mechanism may be completely eliminated (e.g., when the single SoC is integrated with Codecs and/or when Codec logic is added to the media security circuitry described here).
  • The second security circuit 210 may decrypt the proprietary encrypted content 226 of the system memory 206 using the independently generated proprietary key 214B. The key generator circuit 212 (e.g., of the first security circuit 208 and/or the second security circuit 210) may generate the proprietary key 214A using a hash table 218A, a number generator (e.g., Random Number Generator RNG 220A), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier. In one embodiment, it is important that the number generator (e.g., Random Number Generator RNG 220) and the hash table 218 of the first security circuit 208 and the second security circuit 210 are exactly the same.
  • The index pointer 224 may point to a location in embedded memory (e.g., the embedded memory 222A and/or the embedded memory 222B) of the first security circuit 208 and/or the second security circuit 210. The embedded memory location may have identical data to enable the key generator circuit 212B of the second security circuit 210 to independently generate the proprietary key 214B matching that of the first security circuit 208. A power saving circuit (e.g., the power saving circuit 216A and/or the power saving circuit 216B) of the first security circuit 208 and/or the second security circuit 210 may adjust voltage and frequency of at least one clock, memory, gate, and/or sub-circuit when not in operation to reduce power consumption of the system (e.g., the playback device 102 of FIG. 1). The proprietary key 214 may be at least a 128 bit key. The display module 202 may decompress the work of authorship (e.g., stored on the media 100 of FIG. 1) after the decryption of the proprietary encrypted content 226.
  • The display module 202 may encrypt the decompressed content with a system master key provided from at least one of the display module 202 and the host processor 204 prior to sending the content to at least one of a video buffer (e.g., of the system memory 206) and a display 228. The authorization module 200 may apply an algorithm of an encryption standard (e.g., AACS) to verify that a playback device 102 has permission to playback the work of authorship (e.g., stored on the media 100 of FIG. 1).
  • The authorization module 200 may re-encrypt the work of authorship (e.g., stored on the media 100 of FIG. 1) protected by the encryption standard using a first hardware circuit (e.g., the first security circuit 208) that generates a proprietary key 214A stored only in embedded hardware memory (e.g., the embedded memory 222 of FIG. 2) of the hardware first circuit. The authorization module 200 may store a proprietary encrypted content 226 generated through the re-encryption process in a system memory 206 without storing any key information to decrypt the proprietary encrypted content 226 in the system memory 206 (e.g., such that the second security circuit has to independently recreate the key before decrypting).
  • The index pointer 224 may be communicated to a to a display module 202 through a host processor 204. The second hardware circuit (e.g., the second security circuit 210) may independently generate the proprietary key using the index pointer 224 provided from the first hardware circuit (e.g., the first security circuit 208) associated with the authorization module 200 to a second hardware circuit (e.g., the second security circuit 210) associated with the display module 202. The second hardware circuit (e.g., the second security circuit 210) may be used to decrypt the proprietary encrypted content 226 of the system memory 206 using the independently generated proprietary key 214B.
  • The proprietary key may be generated using the hash table 218A, the number generator (e.g., Random Number Generator RNG 220A), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier (e.g., a MAC address or unique processor serial number).
  • FIG. 3 is a network view of a content provider 302 and a content library 304 associated with the playback device 102 of FIG. 1 through a network 306, according to one embodiment. The content provider 302 may be an owner of a copyright interest of a work of authorship embodied on the media 100 of FIG. 1 (e.g., a record label, a publisher, a studio, etc.). The network 306 may be a local area network, a wide area network, the Internet, etc. The playback device may communicate with the content provider 302 to request and receive authentication keys (e.g., title keys) so that it may play back one or more works of authorship in the content library 304.
  • The content library 304 is illustrated as including a graphics content 308, a textual content 310, an audio content 312, a video content 314, a multimedia content 316, a database content 318, and a software application 320. The various types of content of the content library 304 may be works of authorship that are played back by the playback device 102 after receiving authorization from the content provider 302.
  • FIG. 4 is an exploded view of the authorization module 200 of FIG. 2, according to one embodiment. The authorization module 200 as illustrated in FIG. 4 includes a processor 400, a multi-channel DMA controller 402, an instruction memory 404, a data memory 406, a 2 KB secure boot ROM 408, an encryption block 410, a standard controller block 412, a set of USB controller circuitry (e.g., 414 and 416), and a set of secure internal resources (e.g., including a JTAG controller 444, A PCI 2.2 master/target block 418, and a AHB I/F block 420).
  • The authorization module 200 is also illustrated as including an interrupt controller 422, a counter timer 424, a clock reset generator 426, a GPIO 428, a UART 430, an external SPI SSP coupled to an encrypted Flash 434 and an encrypted EEPROM 436, a power module 438, a watch dog timer 440, and an AHB to APB bus bridge 442. Also illustrated in FIG. 4 is an external FPGA 446 for encryption/decryption of the secure JTAG controller.
  • FIG. 5 is a process flow of refreshing a set of base keys according to one embodiment. In operation 502, the playback device 102 receives a base key (e.g., at title key) from a content provider (e.g., the content provider 302). In operation 504, a media security circuit (e.g., the first security circuit 208 and/or the second security circuit 210) determines whether the base key needs to be refreshed (e.g., because of things such as multiple replay of a stream of video, after a fixed amount of time, after a frame or audio pause, etc.). If it is determined that the base key needs to be refreshed, in operation 506, the base key is refreshed. The base key refreshing process of FIG. 5 may provide additional security to the playback device 102 of FIG. 1 and FIG. 2 when certain types of the encryption standard are used (e.g., AACS). The base key refreshing technique may be used by the key generator circuits 212 in creating the proprietary key 214.
  • FIG. 6 is a process flow of a method of the authorization module of FIG. 2, according to one embodiment. In operation 602, an algorithm of an encryption standard (e.g., AACS, BD+, HDCP, DTCP-IP, a proprietary standard, etc.) to a media (e.g., a HD DVD, a BlueRay disk, etc.) may be applied to verify that a playback device (e.g., the playback device 102) has permission to playback the work of authorship (e.g., on the media 100 of FIG. 1). In operation 604, the work of authorship protected by the encryption standard may be re-encrypted using a first hardware circuit (e.g., the first security circuit 208 of FIG. 2) that generates a proprietary key (e.g., the proprietary key 214A) stored only in embedded hardware memory (e.g., the embedded hardware memory 222A) of the first hardware circuit to re-encrypt the work of authorship. Then, in operation 606, a proprietary encrypted content (e.g., the proprietary encrypted content 226 of FIG. 2) generated through the re-encryption process may be stored in a system memory (e.g., the system memory 206 of FIG. 2) without storing any key information to decrypt the proprietary encrypted content in the system memory.
  • Next, in operation 608, an index pointer (e.g., the index pointer 224 of FIG. 2) may be communicated to a display module (e.g., the display module 202 of FIG. 2) through a host processor (e.g., the host processor 204 of FIG. 2). Then in operation 610, the proprietary key (e.g., the proprietary key 214B of FIG. 2) may be independently generated using an index pointer (e.g., the index pointer 224 of FIG. 2) provided from the first hardware circuit (e.g., the first security circuit 208 of FIG. 2) associated with the authorization module (e.g., the authorization module 200 of FIG. 2) to a second hardware circuit (e.g., the second security circuit 210 of FIG. 2) associated with the display module (e.g., the display module 202 of FIG. 2). In operation 612, the proprietary key (e.g., the proprietary key 214B of FIG. 2) may be generated using the hash table (e.g., the hash table 218B), the number generator (e.g., the random number generator 220B), a unique work of authorship identifier (e.g., a title key), and optionally a unique system identifier (e.g., the hash table and the number generator of the first hardware circuit and the second hardware circuit are exactly the same). In operation 614, the second hardware circuit (e.g., the second security circuit 210 of FIG. 2) may be used to decrypt the proprietary encrypted content of the system memory (e.g., the system memory 206 of FIG. 2) using the independently generated proprietary key (e.g., the proprietary key 214B of FIG. 2).
  • Although the present embodiments have been described with reference to specific example embodiments, it will be evident that various modifications and changes may be made to these embodiments without departing from the broader spirit and scope of the various embodiments. For example, the various devices, modules, analyzers, generators, etc. described herein may be enabled and operated using hardware circuitry (e.g., CMOS based logic circuitry), firmware, software and/or any combination of hardware, firmware, and/or software (e.g., embodied in a machine readable medium).
  • For example, the various electrical structure and methods may be embodied using transistors, logic gates, and electrical circuits (e.g., Application Specific Integrated Circuitry (ASIC) and/or in Digital Signal Processor (DSP) circuitry). For example, the authorization module 200 and the display module 202 of FIG. 2 may be enabled using an authorization circuit, a display circuit, and other circuits using one or more of the technologies described herein.
  • In addition, it will be appreciated that the various operations, processes, and methods disclosed herein may be embodied in a machine-readable medium and/or a machine accessible medium compatible with a data processing system (e.g., a computer system), and may be performed in any order. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.

Claims (20)

1. A system comprising:
a host processor;
a first security circuit to re-encrypt a work of authorship protected by an encryption standard using a proprietary key after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship;
a system memory to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and
a second security circuit of a display module to independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor and to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.
2. The system of claim 1 further comprising a key generator circuit of the first security circuit and the second security circuit to generate the proprietary key using a hash table, a number generator, a unique work of authorship identifier, and optionally a unique system identifier wherein the number generator and the hash table of the first security circuit and the second security circuit is exactly the same.
3. The system of claim 2 wherein the index pointer points to a location in embedded memory of the first security circuit and the second security circuit having identical data to enable the key generator circuit of the second circuit to independently generate the proprietary key matching that of the first circuit.
4. The system of claim 3 wherein the encryption standard is at least one of an Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and a proprietary standard.
5. The system of claim 1 further comprising a power saving circuit of at least one of the first security circuit and the second circuit to adjust voltage and frequency of at least one clock, memory, gate, and sub-circuit when not in operation to reduce power consumption of the system.
6. The system of claim 1 wherein the proprietary key is at least a 128 bit key, and wherein the work of authorship includes at least one of a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and a textual content.
7. The system of claim 1 wherein the display module to decompress the work of authorship after the decryption of the proprietary encrypted content, and to encrypt the decompressed content with a system master key provided from at least one of the display module and the host processor prior to sending the content to at least one of a video buffer and a display.
8. A method of an authorization module comprising:
applying an algorithm of an encryption standard to verify that a playback device has permission to playback the work of authorship;
re-encrypting the work of authorship protected by the encryption standard using a first hardware circuit that generates a proprietary key stored only in embedded hardware memory of the first hardware circuit to re-encrypt the work of authorship; and
storing a proprietary encrypted content generated through the re-encryption process in a system memory without storing any key information to decrypt the proprietary encrypted content in the system memory.
9. The method of claim 8 further comprising:
communicating an index pointer to a display module through a host processor; and
independently generating the proprietary key using an index pointer provided from the first hardware circuit associated with the authorization module to a second hardware circuit associated with the display module;
using the second hardware circuit to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.
10. The method of claim 9 further comprising:
generating the proprietary key using the hash table, the number generator, a unique work of authorship identifier, and optionally a unique system identifier, wherein the hash table and the number generator of the first hardware circuit and the second hardware circuit are exactly the same.
11. The method of claim 10 wherein the index pointer references a location in embedded memory of the first hardware circuit and the second hardware circuit having identical data to enable the key generator circuit of the second hardware circuit to independently generate the proprietary key matching that of the first hardware circuit.
12. The method of claim 11 wherein the encryption standard is at least one of an Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and a proprietary standard.
13. The method of claim 12 wherein at least one of the first hardware circuit and the second hardware circuit adjusts a voltage and frequency of at least one clock, memory, gate, and sub-circuit when not in operation to reduce power consumption.
14. The system of claim 13 wherein the proprietary key is at least a 128 bit key, and wherein the work of authorship includes at least one of a video content, a motion-picture content, an audio content, a music content, a lyrical content, a graphical content, and a textual content.
15. The system of claim 14 wherein the display module to decompress the work of authorship after the decryption of the proprietary encrypted content, and to encrypt the decompressed content with a system master key provided from at least one of the display module and the host processor prior to sending the content to at least one of a video buffer and a display.
16. A playback device comprising:
an authentication component to verify that a protected content is authorized to be viewed on the playback device;
a media security circuitry to re-encrypt the protected content using a proprietary key after it is authorized to be viewed on the playback device using a secure embedded memory of the media security circuitry; and
a display component to receive the re-encrypted content from a system memory and to reference the media security circuitry to provide the proprietary key to decrypt the re-encrypted content.
17. The playback device of claim 16 wherein the encryption standard is at least one of an Advanced Access Content System (AACS) standard, a BD+ (Blu-ray Disc) standard, a High-bandwidth Digital Content Protection (HDCP) standard, a Digital Transmission Content Protection over Internet Protocol (DTCP-IP) standard, and a proprietary standard.
18. The playback device of claim 17 wherein the display module to decompress the work of authorship after the decryption of the proprietary encrypted content, and to encrypt the decompressed content with a system master key provided from at least one of the display module and the host processor prior to sending the content to at least one of a video buffer and a display.
19. The playback device of claim 16 wherein a memory map of the secure embedded memory and all hardware registers are never visible to software.
20. The playback device of claim 16 further comprising a key generator circuit of the secure embedded memory to generate the proprietary key using a hash table, a number generator, a unique work of authorship identifier, and optionally a unique system identifier.
US12/027,279 2008-02-07 2008-02-07 Media security through hardware-resident proprietary key generation Abandoned US20090202068A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/027,279 US20090202068A1 (en) 2008-02-07 2008-02-07 Media security through hardware-resident proprietary key generation
PCT/US2009/033487 WO2009100399A1 (en) 2008-02-07 2009-02-06 Media security through hardware-resident proprietary key generation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/027,279 US20090202068A1 (en) 2008-02-07 2008-02-07 Media security through hardware-resident proprietary key generation

Publications (1)

Publication Number Publication Date
US20090202068A1 true US20090202068A1 (en) 2009-08-13

Family

ID=40938887

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/027,279 Abandoned US20090202068A1 (en) 2008-02-07 2008-02-07 Media security through hardware-resident proprietary key generation

Country Status (2)

Country Link
US (1) US20090202068A1 (en)
WO (1) WO2009100399A1 (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090148125A1 (en) * 2007-12-10 2009-06-11 Realnetworks, Inc. System and method for automatically creating a media archive from content on a recording medium
US20090193262A1 (en) * 2008-01-28 2009-07-30 Seagate Technology, Llc Security threshold enforcement in anchor point-based digital rights management
US20090257594A1 (en) * 2008-04-15 2009-10-15 Amjad Qureshi Secure debug interface and memory of a media security circuit and method
US20090319807A1 (en) * 2008-06-19 2009-12-24 Realnetworks, Inc. Systems and methods for content playback and recording
US8255578B2 (en) 2010-06-14 2012-08-28 Microsoft Corporation Preventing access to a device from an external interface
US8600950B2 (en) 2007-12-10 2013-12-03 Intel Corporation System and method for automatically creating a media archive from content on a recording medium
US20140053278A1 (en) * 2012-08-17 2014-02-20 Broadcom Corporation Data and key separation using a secure central processing unit
WO2014074127A1 (en) 2012-11-08 2014-05-15 Intel Corporation An improved implementation of robust and secure content protection in a system-on-a-chip apparatus
US20140143552A1 (en) * 2012-11-18 2014-05-22 Cisco Technology Inc. Glitch Resistant Device
WO2014154291A1 (en) * 2013-03-28 2014-10-02 Irdeto B.V. Protection of digital content
US20150095631A1 (en) * 2013-09-30 2015-04-02 Dell Products L.P. Systems and methods for binding a removable cryptoprocessor to an information handling system
WO2016053729A1 (en) * 2014-09-30 2016-04-07 Alibaba Group Holding Limited Method and system for secure management of computer applications
US20170139008A1 (en) * 2015-11-13 2017-05-18 Samsung Electronics Co., Ltd. System on chip and secure debugging method
US9888051B1 (en) * 2011-03-31 2018-02-06 Amazon Technologies, Inc. Heterogeneous video processing using private or public cloud computing resources
US10262163B1 (en) 2018-04-25 2019-04-16 Blockchain Asics Llc Cryptographic ASIC with unique internal identifier
US10372943B1 (en) 2018-03-20 2019-08-06 Blockchain Asics Llc Cryptographic ASIC with combined transformation and one-way functions
US10936758B2 (en) 2016-01-15 2021-03-02 Blockchain ASICs Inc. Cryptographic ASIC including circuitry-encoded transformation function
US11196789B2 (en) * 2018-09-20 2021-12-07 Panasonic Intellectual Property Management Co., Ltd. Recording device and recording method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6597620B1 (en) * 2001-07-18 2003-07-22 Advanced Micro Devices, Inc. Storage circuit with data retention during power down
US20050063541A1 (en) * 2002-11-05 2005-03-24 Candelore Brant L. Digital rights management of a digital device
US20060242069A1 (en) * 2005-04-21 2006-10-26 Petr Peterka Digital rights management for local recording and home network distribution
US20070086593A1 (en) * 2000-10-30 2007-04-19 Geocodex Llc System and method for delivering encrypted information in a communication network using location indentity and key tables
US20080016332A1 (en) * 1996-07-30 2008-01-17 Micron Technology, Inc. System for providing security in a network comprising communications devices
US7461191B2 (en) * 2004-08-31 2008-12-02 Advanced Micro Devices, Inc. Segmented on-chip memory and requester arbitration
US20080307240A1 (en) * 2007-06-08 2008-12-11 Texas Instruments Incorporated Power management electronic circuits, systems, and methods and processes of manufacture
US7817800B2 (en) * 1998-02-13 2010-10-19 Tecsec, Inc. Cryptographic key split binder for use with tagged data elements

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6789197B1 (en) * 1994-10-27 2004-09-07 Mitsubishi Corporation Apparatus for data copyright management system
JP3965126B2 (en) * 2002-03-20 2007-08-29 松下電器産業株式会社 Playback device for playing content
US7571491B2 (en) * 2004-02-05 2009-08-04 Panasonic Corporation Television receiver and electronic device
US8819421B2 (en) * 2006-04-04 2014-08-26 Qualcomm Incorporated File decryption interface

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080016332A1 (en) * 1996-07-30 2008-01-17 Micron Technology, Inc. System for providing security in a network comprising communications devices
US7817800B2 (en) * 1998-02-13 2010-10-19 Tecsec, Inc. Cryptographic key split binder for use with tagged data elements
US20070086593A1 (en) * 2000-10-30 2007-04-19 Geocodex Llc System and method for delivering encrypted information in a communication network using location indentity and key tables
US6597620B1 (en) * 2001-07-18 2003-07-22 Advanced Micro Devices, Inc. Storage circuit with data retention during power down
US20050063541A1 (en) * 2002-11-05 2005-03-24 Candelore Brant L. Digital rights management of a digital device
US7461191B2 (en) * 2004-08-31 2008-12-02 Advanced Micro Devices, Inc. Segmented on-chip memory and requester arbitration
US20060242069A1 (en) * 2005-04-21 2006-10-26 Petr Peterka Digital rights management for local recording and home network distribution
US20080307240A1 (en) * 2007-06-08 2008-12-11 Texas Instruments Incorporated Power management electronic circuits, systems, and methods and processes of manufacture

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10070095B2 (en) 2007-12-10 2018-09-04 Intel Corporation System and method for automatically creating a media archive from content on a recording medium
US20090148125A1 (en) * 2007-12-10 2009-06-11 Realnetworks, Inc. System and method for automatically creating a media archive from content on a recording medium
US9282308B2 (en) 2007-12-10 2016-03-08 Intel Corporation System and method for automatically creating a media archive from content on a recording medium
US8582954B2 (en) 2007-12-10 2013-11-12 Intel Corporation System and method for automatically creating a media archive from content on a recording medium
US8600950B2 (en) 2007-12-10 2013-12-03 Intel Corporation System and method for automatically creating a media archive from content on a recording medium
US9043603B2 (en) * 2008-01-28 2015-05-26 Seagate Technology Llc Security threshold enforcement in anchor point-based digital rights management
US20090193262A1 (en) * 2008-01-28 2009-07-30 Seagate Technology, Llc Security threshold enforcement in anchor point-based digital rights management
US20090257594A1 (en) * 2008-04-15 2009-10-15 Amjad Qureshi Secure debug interface and memory of a media security circuit and method
US8090108B2 (en) * 2008-04-15 2012-01-03 Adaptive Chips, Inc. Secure debug interface and memory of a media security circuit and method
US9536557B2 (en) 2008-06-19 2017-01-03 Intel Corporation Systems and methods for content playback and recording
US8819457B2 (en) * 2008-06-19 2014-08-26 Intel Corporation Systems and methods for content playback and recording
US20090319807A1 (en) * 2008-06-19 2009-12-24 Realnetworks, Inc. Systems and methods for content playback and recording
US8555087B2 (en) * 2008-06-19 2013-10-08 Intel Corporation Systems and methods for content playback and recording
US8255578B2 (en) 2010-06-14 2012-08-28 Microsoft Corporation Preventing access to a device from an external interface
US9888051B1 (en) * 2011-03-31 2018-02-06 Amazon Technologies, Inc. Heterogeneous video processing using private or public cloud computing resources
US20140053278A1 (en) * 2012-08-17 2014-02-20 Broadcom Corporation Data and key separation using a secure central processing unit
US9171170B2 (en) * 2012-08-17 2015-10-27 Broadcom Corporation Data and key separation using a secure central processing unit
EP2917867A4 (en) * 2012-11-08 2016-05-11 Intel Corp An improved implementation of robust and secure content protection in a system-on-a-chip apparatus
CN104704500A (en) * 2012-11-08 2015-06-10 英特尔公司 An improved implementation of robust and secure content protection in a system-on-a-chip apparatus
WO2014074127A1 (en) 2012-11-08 2014-05-15 Intel Corporation An improved implementation of robust and secure content protection in a system-on-a-chip apparatus
US20140143552A1 (en) * 2012-11-18 2014-05-22 Cisco Technology Inc. Glitch Resistant Device
US9158901B2 (en) * 2012-11-18 2015-10-13 Cisco Technology Inc. Glitch resistant device
CN105051744A (en) * 2013-03-28 2015-11-11 爱迪德技术有限公司 Protection of digital content
US20160050454A1 (en) * 2013-03-28 2016-02-18 Irdeto B.V. Protection of digital content
WO2014154291A1 (en) * 2013-03-28 2014-10-02 Irdeto B.V. Protection of digital content
US10013563B2 (en) * 2013-09-30 2018-07-03 Dell Products L.P. Systems and methods for binding a removable cryptoprocessor to an information handling system
US20150095631A1 (en) * 2013-09-30 2015-04-02 Dell Products L.P. Systems and methods for binding a removable cryptoprocessor to an information handling system
WO2016053729A1 (en) * 2014-09-30 2016-04-07 Alibaba Group Holding Limited Method and system for secure management of computer applications
US10284372B2 (en) 2014-09-30 2019-05-07 Alibaba Group Holding Limited Method and system for secure management of computer applications
CN106708673B (en) * 2015-11-13 2020-12-29 三星电子株式会社 System on chip and secure debugging method
US20170139008A1 (en) * 2015-11-13 2017-05-18 Samsung Electronics Co., Ltd. System on chip and secure debugging method
CN106708673A (en) * 2015-11-13 2017-05-24 三星电子株式会社 System on chip and secure debugging method
KR102415388B1 (en) 2015-11-13 2022-07-01 삼성전자주식회사 System on chip and secure debugging method thereof
KR20170056778A (en) * 2015-11-13 2017-05-24 삼성전자주식회사 System on chip and secure debugging method thereof
US10012693B2 (en) * 2015-11-13 2018-07-03 Samsung Electronics Co., Ltd. System on chip and secure debugging method
US10936758B2 (en) 2016-01-15 2021-03-02 Blockchain ASICs Inc. Cryptographic ASIC including circuitry-encoded transformation function
US10885228B2 (en) 2018-03-20 2021-01-05 Blockchain ASICs Inc. Cryptographic ASIC with combined transformation and one-way functions
US10372943B1 (en) 2018-03-20 2019-08-06 Blockchain Asics Llc Cryptographic ASIC with combined transformation and one-way functions
US10607030B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC with onboard permanent context storage and exchange
US10607031B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC with autonomous onboard permanent storage
US10607032B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC for key hierarchy enforcement
US10796024B2 (en) 2018-04-25 2020-10-06 Blockchain ASICs Inc. Cryptographic ASIC for derivative key hierarchy
US10404463B1 (en) * 2018-04-25 2019-09-03 Blockchain Asics Llc Cryptographic ASIC with self-verifying unique internal identifier
US10404454B1 (en) 2018-04-25 2019-09-03 Blockchain Asics Llc Cryptographic ASIC for derivative key hierarchy
US11042669B2 (en) 2018-04-25 2021-06-22 Blockchain ASICs Inc. Cryptographic ASIC with unique internal identifier
US11093654B2 (en) * 2018-04-25 2021-08-17 Blockchain ASICs Inc. Cryptographic ASIC with self-verifying unique internal identifier
US11093655B2 (en) 2018-04-25 2021-08-17 Blockchain ASICs Inc. Cryptographic ASIC with onboard permanent context storage and exchange
US10262163B1 (en) 2018-04-25 2019-04-16 Blockchain Asics Llc Cryptographic ASIC with unique internal identifier
US11196789B2 (en) * 2018-09-20 2021-12-07 Panasonic Intellectual Property Management Co., Ltd. Recording device and recording method

Also Published As

Publication number Publication date
WO2009100399A9 (en) 2009-12-03
WO2009100399A1 (en) 2009-08-13

Similar Documents

Publication Publication Date Title
US20090202068A1 (en) Media security through hardware-resident proprietary key generation
US11580570B2 (en) Method and apparatus for dynamic, real-time ad insertion based on meta-data within a hardware based root of trust
US9270673B2 (en) Terminal device, verification device, key distribution device, content playback method, key distribution method, and computer program
TWI630813B (en) Client computing system and method for processing content, and machine readable storage media
US8131995B2 (en) Processing feature revocation and reinvocation
US9100693B2 (en) Methods and apparatuses for securing playback content
CN101271501B (en) Encryption and decryption method and device of digital media file
US8181038B2 (en) Systems and methods for executing encrypted programs
TWI257798B (en) System for identification and revocation of audiovisual titles and replicators
US8837908B2 (en) Systems and methods for performing secure playback of media content
US9197407B2 (en) Method and system for providing secret-less application framework
US20090060182A1 (en) Apparatus and method for enhancing the protection of media content
US20130046981A1 (en) Secure provisioning of integrated circuits at various states of deployment, methods thereof
EP3281357B1 (en) Session based watermarking of media content using encrypted content streams
JP2002319934A (en) System and method for protecting copyright
US20070239617A1 (en) Method and apparatus for temporarily accessing content using temporary license
KR20090002660A (en) Method for reproducing and approving playback of encrypted contents and apparatus thereof
US20100281275A1 (en) Method of recording content on disc, method of providing title key, apparatus for recording content on disc, and content providing server
JP2005507195A (en) Apparatus and method for accessing material using entity-locked secure registry
TWI502484B (en) Display system and display method
CN103778351B (en) Display system and display method
JP2013141171A (en) Information processing device and information processing method and program
KR20090063383A (en) Digital rights management conversion system and controlling method for the same
CN103780956A (en) Display system and display method
KR20140129683A (en) Terminal apparatus and method for playing encrypted multimedia contents applied drm

Legal Events

Date Code Title Description
AS Assignment

Owner name: ADAPTIVE CHIPS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:QURESHI, AMJAD;CHILUKURI, BABU;REEL/FRAME:020476/0531

Effective date: 20080205

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION